CompTIA
PT0-001 · Question #167
A web server is running PHP, and a penetration tester is using LFI to execute commands by passing parameters through the URL. This is possible because server logs were poisoned to execute the PHP syst
Sign in or unlock PT0-001 to reveal the answer and full explanation for question #167. The question stem and answer options stay visible for context.
Attacks and exploits
Question
A web server is running PHP, and a penetration tester is using LFI to execute commands by passing parameters through the URL. This is possible because server logs were poisoned to execute the PHP system ( ) function. Which of the following would retrieve the contents of the passwd file?
Options
- A''&CMD_cat /etc/passwd--&id-34''
- B''&CMD=cat / etc/passwd%&id= 34''
- C''&CMD=cat ../../../../etc/passwd7id=34'
- D''&system(CMD) ''cat /etc/passed&id=34''
Unlock PT0-001 to see the answer
You've previewed enough free PT0-001 questions. Unlock PT0-001 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.
Topics
#LFI#log poisoning#PHP#web exploitation